Regin spyware involved in attack against the Russian tech giant Yandex

Western nation-state actors allegedly breached the systems of the Russian tech giant Yandex in 2018; the attack involved a new variant of the Regin malware.

According to Reuters, Western state-sponsored hackers breached the systems of the Russian tech giant Yandex in 2018, and the attack involved a new variant of the Regin malware.

The Regin malware has been around since at least 2008. Most Regin infections were observed in Russia (28%) and Saudi Arabia (24%), but other attacks were spotted in Iran, Ireland, India, Afghanistan, Austria, Belgium, Mexico, and Pakistan.

In August 2015, Symantec revealed the existence of 49 new modules of the Regin espionage platform, a circumstance that suggests its operators are still active.

Many experts have linked the Regin malware to the Five Eyes alliance: they found alleged references to the spyware in a number of presentations leaked by Edward Snowden, and according to malware researchers it has been used in targeted attacks against government agencies in the EU and against the Belgian telecoms company Belgacom.

In 2015, Der Spiegel, citing cyber security experts, confirmed there “is no doubt” that Regin can be linked to the Five Eyes alliance.

The Regin Trojan was discovered on the laptop last year; threat actors had used it to exfiltrate sensitive data from the targeted computer.

Now Reuters has revealed that it is aware of a security breach suffered by Yandex between October and November 2018.

The hackers targeted the research and development department at Yandex; the attackers were interested in compromising the company’s user authentication system.

“Hackers working for Western intelligence agencies broke into Russian internet search company Yandex in late 2018 deploying a rare type of malware in an attempt to spy on user accounts, four people with knowledge of the matter told Reuters.” Reuters reported.

The attackers aimed to impersonate users and gain access to their private messages. Yandex acknowledged the security breach but did not provide further details on the attack.

“This particular attack was detected at a very early stage by the Yandex security team. It was fully neutralized before any damage was done,” said Yandex spokesman Ilya Grabovsky.

The Yandex security team’s response declared that no user data was compromised by the attack because it was “detected at a very early stage” and it was “fully neutralized before any damage was done.”

The attack involved a new version of the Regin spyware, and experts speculate that the attack against Yandex was launched by Five Eyes intelligence agencies.

According to Reuters, Yandex hired Kaspersky experts to investigate the incident; initial findings suggest that the attackers targeted a group of developers within the company.

Pierluigi Paganini

(Security Affairs – Regin, espionage)
